USA 
United Kingdom
With the FIFA 2026 World Cup in full swing, experts have warned of a rising wave of cybersecurity scams targeting employees and their workplaces.
A study from CUJO AI’s Security Research Laboratory identified a series of campaigns in which cybercriminals set up domains posing as FIFA recruitment pages and career portals.
The fake job portals push the applicants to provide credentials, including corporate emails, leaving them vulnerable to phishing.
World Cup cyberattacks expose employers
The 2026 FIFA World Cup is the biggest it has ever been, with the tournament expanded to include 48 teams. A record 104 matches are taking place across the US, Canada and Mexico from June 11 to July 19.
But while this behemoth sporting event brings myriad commercial opportunities, to the tune of several billion dollars, it also presents extensive risks for exploitative scams and cybersecurity campaigns.
Podcast | CHRO, SugarAI: The toolkits & playbooks that help our managers thrive
There is generally widespread awareness of fraud affecting fans, such as fake ticket websites, but other campaigns have also accelerated, leaving targeted workers and businesses at risk.
Ahead of the tournament, the Federal Bureau of Investigation (FBI) issued a Public Service Announcement (PSA) warning the public about the so-called “spoofing attacks.”
“A spoofed website is designed to pose as a legitimate website, with branding, product listings, etc., and malicious actors use them to further illegal activity like personal information theft and facilitating monetary scams,” the PSA said.
The FBI decried the “malicious activity,” warning that threat actors “create a deceptive version of a legitimate website (www.fifa.com) with the goal of tricking users into believing they're interacting with an official brand.”
Of various spoofed websites that exist, CUJO AI identified 21 posing as FIFA’s recruitment pages – including fifa-careerhub[.]com, fifa-careerportal[.]com, and fifajobs[.]com.
There is a significant risk for organizations that employ victims, who are targeted most likely through targeted messages on social media and other platforms, including from accounts posing as FIFA officials.
This is because of cases where employees are mandated to use their work email when filling in their personal details on the sites.
In one case, as reported by Total Telecom, attempting to use a personal address would trigger the response: “Please use your work or business email.”
Corporate cybersecurity threats
With the spoofed sites home to seemingly official – but stolen – FIFA branding, slick career portals, and full profiles of real recruiters featuring photos, the scams are extremely sophisticated and pose a direct risk to employers.
Victims are even invited to schedule a 30-minute phone call using tools such as Google Calendar.
Hopeful applicants attempting to use a personal email address, including gmail.com, hotmail.com, live.com, msn.com, outlook.com, yahoo.com, and more, would all be met with a request for organizational login credentials – indicating the hackers are directly seeking access to corporate accounts.
The use of FIFA branding also shows a clear attempt to use the hype of a global event or brand to target individuals, with similar approaches used in past impersonations of Coca-Cola, Heineken, Netflix, PepsiCo, Spotify, and others.
It cements the need for employers to be wary of malicious campaigns that target individual weaknesses through highly sophisticated phishing attempts.
Turning workforce data into early warnings for high-cost employees
HR leaders have a vital role to play in protecting their workplaces.
Adam Hickman, PhD, VP of Learning & Development at Partners FCU, and Brian Kairnes, Chief Risk Officer at Partners FCU, wrote for HR Grapevine in 2025: “As cyber threats grow in sophistication, HR teams must work closely with cybersecurity professionals to address the weakest link in security: human behavior.”
How HR & IT can tackle cybersecurity
Hickman and Kairnes set out key advice for employers and HR teams.
“Employees should receive cybersecurity training as part of their onboarding, covering password hygiene, phishing awareness, and company-specific security policies,” they argued.
Effective background checks, phishing simulations & cybersecurity drills, gamification & incentives, and leadership role-modelling were also highlighted as vital considerations.
“When executives actively promote cybersecurity awareness, employees take it more seriously,” the executives shared. “HR can integrate security KPIs into leadership performance metrics to ensure commitment from the top down.”
“Companies that fail to integrate HR into cybersecurity strategies not only face higher risk exposure but also suffer from greater financial, operational, and reputational repercussions,” they warned. “The consequences of weak HR-cybersecurity alignment extend far beyond data breaches, with possible negative impacts on employee trust, regulatory compliance, and overall business continuity.”
